Monday 10 July 2017, Security guide

Password reset process can lead to account takeover and identity theft

Lost24

Israeli scientists from the College of Management Academic Studies have proven that even an inexperienced hacker can take over a user's internet accounts by exploiting existing vulnerabilities in password reset procedures.

The researchers have dubbed the hacking technique Password Reset Man-in-the-Middle (PRMitM). They have also warned that Google's servers are particularly susceptible to this type of attack. This does not mean, however, that other sites or e-mail services (like Facebook, Yahoo, LinkedIn, Yandex) are completely resistant to PRMitM attacks.

In order to carry out the attack, the hacker first needs to create a website offering users free services, free software, or some other free content that can only be obtained by signing up and logging in. As usual, during the registration process, the user is asked to enter all sorts of information; however, as soon as the victim reveals his or her e-mail address, the PRMitM attack can begin.
Knowing the specified e-mail provider and the address of the server, the hacker can independently execute the “forgot my password” process. This operation obviously involves a reset of the existing password and the creation of a new one, which is immediately intercepted by the attacker, a.k.a. the "man-in-the-middle".

The entire mechanism of the Password Reset Man-in-the-Middle attack is described thoroughly here.